
Xerox Docket No. D/A1636

PATENT APPLICATION

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

In re the Application of
Dirk BALFANZ et al. 

Application No.: 10/066,699 Group Art Unit: 2131

Filed: February 6, 2002 Docket No.: 111679 

For: SYSTEMS AND METHODS FOR AUTHENTICATING COMMUNICATIONS IN A 
NETWORK MEDIUM 

SUPPLEMENTAL PRELIMINARY AMENDMENT 

Director of the U.S. Patent and Trademark Office 
Washington, D. C. 20231 

Sir: 

Prior to initial examination, and subsequent to the Preliminary Amendment filed on 
April 10, 2002, please amend the above-identified application as follows: 

IN THE SPECIFICATION:

Please replace paragraph [0026] as follows: 

[0026] Figs. 6-8 are flowcharts outlining a second exemplary embodiment of a 
method for authenticating communication over a wireless medium according to this 
invention; 

Please replace paragraph [0027] as follows: 

[0027] Figs. 9-11 illustrate an exemplary embodiment of a communication 
authenticating system for a group of devices according to this invention; 

Please replace paragraph [0028] as follows:

[0028] Fig. 12 is a flowchart outlining a third exemplary embodiment of a method 
for authenticating communication over a wireless medium according to this invention; and 
Please replace paragraph [0029] as follows:

[0029] Fig. 13 is a flowchart outlining a fourth exemplary embodiment of a 
method for authenticating communication over a wireless medium according to this 
invention. 

Please replace paragraph [0050] as follows: 

[0050] Figs. 6-8 are flowcharts outlining one exemplary embodiment of a method 
that complements an improved Guy Fawkes protocol that provides for interactive 
communication. This method may be used where the wireless devices have limited 
computational resources, such that public key operations are infeasible, and the location- 
limited channel does not provide a trusted exchange of secret data. 

Please replace paragraph [0052] as follows: 

[0052] As shown in Figs. 6-8, in accordance with the improved Guy Fawkes protocol,
according to this invention, operation begins in step S200 and continues to step S205, where
a counter N is set to 1. Then, in step S210, a first wireless device sends an Nth
communication that includes a digest of its Nth secret (authenticator) that will be used to
authenticate its Nth message together with a digest of its Nth message over a location-limited
channel to a second wireless device. Next, in step S215, the second wireless device sends an
Nth communication that includes a digest of its Nth secret that will be used to authenticate its
Nth message together with a digest of its Nth message over the location-limited channel to the
first wireless device. Operation then continues to step S220.

Please replace paragraph [0065] as follows: 

[0065] Figs. 9-11 illustrate an exemplary setting for authenticating a communication
over a network medium among a group of wireless devices. As shown in Fig. 9, one
participant acts as the group manager 610. In various embodiments, the first participant to
send pre-authentication information becomes the group manager 610. In various other
exemplary embodiments, a random participant is selected as the group manager. The group
manager 610 broadcasts pre-authentication information, such as a commitment to a group
public key, or its own public key, during a pre-authentication stage to various legitimate
participants 612, 614 and 616 over a broadcast location-limited channel. As shown in Fig.
10, other parties 622, 624 and 626 are present and have access to the wireless network. In
one embodiment, any attempt to send on the location-limited channel results in the detection
of the attempt, because the legitimate participants are usually able to detect all transmissions
on the location-limited channel, and are able to compare the number of such transmissions
with the number of expected transmissions, i.e., the number of legitimate participants. If
those numbers do not match, the communication may be terminated.

Please replace paragraph [0066] as follows:

[0066] As shown in Fig. 11, each participant 612, 614 and 616 responds to the
pre-authentication broadcast information from the group manager 610 by each broadcasting that
participant's own pre-authentication information, each containing a commitment to that
participant's own public key, over the location-limited channel. These broadcasts are
received by both the group manager 610 and the other legitimate participants 612, 614 and
616. After broadcasting that participant's pre-authentication information, each participant
612, 614, and 616 in turn makes a point-to-point connection to the group manager 610, for
example, using the address provided by the group manager 610 as part of the group manager's
pre-authentication information. Each participant 612, 614, and 616 engages with the group
manager 610 in a point-to-point key exchange protocol, such as, for example, Secure Socket
Layer/Transport Layer Security (SSL/TLS). Through the point-to-point exchange protocol, the
group manager 610 gives each of the participants 612, 614, and 616 a copy of a shared group
encryption key or keys. These keys are used to encrypt and authenticate further
communication between all the participants, including the group manager 610 and the other
participants 612, 614 and 616.

Please replace paragraph [0068] as follows:

[0068] Fig. 12 is a flowchart outlining a first exemplary embodiment of a
method for authenticating a communication over a network medium among a group of 
wireless devices. As shown in Fig. 12, the method begins on step S400. Operation continues 
from step S400 to step S410, where a group manager is selected for participants of the group. 
Then, in step S420, the group manager broadcasts its pre-authentication information over a 
location-limited channel to the participants of the group. The pre-authentication information 
according to one embodiment may be a digest of a public key of the group manager. Next, in 
step S430, each participant that receives the pre-authentication information of the group 
manager reciprocates by sending its pre-authentication information to the group manager and 
the other participants. The exchange of the pre-authentication information between the 
participants, including the group manager, occurs as a broadcast over the location-limited 
channel. According to one embodiment, the pre-authentication information of a participant is 
a digest of a public key of that participant. Operation then continues to step S440. 

Please replace paragraph [0071] as follows: 

[0071] Fig. 13 is a flowchart outlining a second exemplary embodiment of the
method for authenticating a communication over a network medium among a group of
wireless devices. The method outlined in Fig. 11 allows all participants to equally participate
in key generation, and thus all participants may be equally trusted.

Please replace paragraph [0072] as follows: 

[0072] As shown in Fig. 13, operation of the method begins in step S500 and
continues to step S510, where each participant broadcasts its pre-authentication information,
such as a commitment to a Diffie-Hellman public value, to the participants of the group using
a broadcast location-limited channel. Then, in step S520, each participant proceeds with a
chosen group key exchange protocol, where participants present their complete
Diffie-Hellman public values over a wireless network. In various exemplary embodiments, the
group key exchange protocol may be a modified Diffie-Hellman key exchange among
participants of the group, which allows all participants to share in the generation of the group
shared secret key.
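The pre-authentication exchange of steps S420-S430 and paragraphs [0065]-[0066], with the same commitment step applied to the Diffie-Hellman public values of step S510, as an added example that is not code from the application or its authors. It assumes SHA-256 as the digest, models the location-limited channel as a list of transmissions that every legitimate participant can observe, and uses constructed key bytes with the participant numbers from the figures; the point-to-point SSL/TLS exchange of [0066] is not modelled.

```python
import hashlib
import hmac

def commitment(public_value: bytes) -> bytes:
    """Pre-authentication information: a digest of a public key (or, as in
    step S510, of a Diffie-Hellman public value). SHA-256 is an assumption."""
    return hashlib.sha256(public_value).digest()

class LocationLimitedChannel:
    """Broadcast channel on which every transmission is seen by all participants."""

    def __init__(self):
        self.transmissions = []  # (sender, commitment) in the order observed

    def broadcast(self, sender, data):
        self.transmissions.append((sender, data))

def pre_authenticate(channel, keys, group_manager):
    """Steps S420-S430: the manager broadcasts first, each participant reciprocates."""
    for name in [group_manager] + [n for n in keys if n != group_manager]:
        channel.broadcast(name, commitment(keys[name]))

def count_matches(channel, expected):
    """[0065]: observed transmissions must equal the number of legitimate participants."""
    return len(channel.transmissions) == expected

def verify_wireless_key(channel, sender, key_from_wireless):
    """Accept a key presented over the wireless network only if it matches the
    commitment that the same sender broadcast on the location-limited channel."""
    committed = dict(channel.transmissions).get(sender)
    return committed is not None and hmac.compare_digest(
        commitment(key_from_wireless), committed)

def run(keys, group_manager, wireless_keys, extra_llc_transmissions=()):
    """Return {participant: accepted}, or None if the transmission count check fails."""
    llc = LocationLimitedChannel()
    pre_authenticate(llc, keys, group_manager)
    for sender, data in extra_llc_transmissions:  # unexpected senders, if any
        llc.broadcast(sender, data)
    if not count_matches(llc, len(keys)):
        return None  # [0065]: the communication is terminated
    return {n: verify_wireless_key(llc, n, k) for n, k in wireless_keys.items()}

# Constructed sample values: participant numbers from the figures, opaque key bytes.
KEYS = {"610": b"pk-manager-610", "612": b"pk-612", "614": b"pk-614", "616": b"pk-616"}

if __name__ == "__main__":
    print(run(KEYS, "610", KEYS))                                   # all accepted
    print(run(KEYS, "610", {**KEYS, "614": b"pk-substituted"}))     # 614 rejected
    print(run(KEYS, "610", KEYS, [("622", b"noise")]))              # None: count mismatch
```

A key that a party such as 622 injects over the wireless network is rejected because no matching commitment was seen on the location-limited channel, and an extra location-limited transmission is caught by the count check before any key is accepted.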



REMARKS

By this Supplemental Amendment, the specification has been amended to conform to
the submitted corrected drawings. No new matter has been added. Accordingly, approval of
the amendments to the specification is respectfully requested.

The attached Appendix includes marked-up copies of each rewritten paragraph (37
C.F.R. §1.121(b)(1)(iii)).

Should the Examiner have any questions or comments regarding the above matter, the
Examiner is invited to contact Applicants' undersigned attorney at the telephone number
listed below.

Respectfully submitted,




James A. Oliff
Registration No. 27,075 



Yong S. Choi 
Registration No. 43,324 



JAO:YSC/ale 



Attachment: 
Appendix 



Date: June 3, 2002 



OLIFF & BERRIDGE, PLC

P.O. Box 19928 
Alexandria, Virginia 22320 
Telephone: (703) 836-6400 



DEPOSIT ACCOUNT USE AUTHORIZATION

Please grant any extension necessary for entry;
Charge any fee due to our Deposit Account No. 24-0037
APPENDIX

Changes to Specification: 

The following are marked-up versions of the amended paragraphs:

[0026] (formerly [0001]) Figs. 6-8 (formerly Fig. 6) are flowcharts (formerly is a
flowchart) outlining a second exemplary embodiment of a method for authenticating
communication over a wireless medium according to this invention;

[0027] (formerly [0002]) Figs. 9-11 (formerly Figs. 7-9) illustrate an exemplary
embodiment of a communication authenticating system for a group of devices according to
this invention;

[0028] (formerly [0003]) Fig. 12 (formerly Fig. 10) is a flowchart outlining a third
exemplary embodiment of a method for authenticating communication over a wireless medium
according to this invention; and

[0029] (formerly [0004]) Fig. 13 (formerly Fig. 11) is a flowchart outlining a fourth
exemplary embodiment of a method for authenticating communication over a wireless medium
according to this invention.

[0050] (formerly [0005]) Figs. 6-8 (formerly Fig. 6) are flowcharts (formerly is a
flowchart) outlining one exemplary embodiment of a method that complements an improved
Guy Fawkes protocol that provides for interactive communication. This method may be used
where the wireless devices have limited computational resources, such that public key
operations are infeasible, and the location-limited channel does not provide a trusted
exchange of secret data.

[0052] (formerly [0006]) As shown in Figs. 6-8 (formerly Fig. 6), in accordance with
the improved Guy Fawkes protocol, according to this invention, operation begins in step S200
and continues to step S205, where a counter N is set to 1. Then, in step S210, a first wireless
device sends an Nth communication that includes a digest of its Nth secret (authenticator)
that will be used to authenticate its Nth message together with a digest of its Nth message
over a location-limited channel to a second wireless device. Next, in step S215, the second
wireless device sends an Nth communication that includes a digest of its Nth secret that will
be used to authenticate its Nth message together with a digest of its Nth message over the
location-limited channel to the first wireless device. Operation then continues to step S220.

[0065] (formerly [0007]) Figs. 9-11 (formerly Figs. 7-9) illustrate an exemplary setting
for authenticating a communication over a network medium among a group of wireless
devices. As shown in Fig. 9 (formerly Fig. 7), one participant acts as the group manager 610.
In various embodiments, the first participant to send pre-authentication information becomes
the group manager 610. In various other exemplary embodiments, a random participant is
selected as the group manager. The group manager 610 broadcasts pre-authentication
information, such as a commitment to a group public key, or its own public key, during a
pre-authentication stage to various legitimate participants 612, 614 and 616 over a broadcast
location-limited channel. As shown in Fig. 10 (formerly Fig. 8), other parties 622, 624 and
626 are present and have access to the wireless network. In one embodiment, any attempt to
send on the location-limited channel results in the detection of the attempt, because the
legitimate participants are usually able to detect all transmissions on the location-limited
channel, and are able to compare the number of such transmissions with the number of
expected transmissions, i.e., the number of legitimate participants. If those numbers do not
match, the communication may be terminated.

[0066] (formerly [0008]) As shown in Fig. 11 (formerly Fig. 9), each participant 612,
614 and 616 responds to the pre-authentication broadcast information from the group manager
610 by each broadcasting that participant's own pre-authentication information, each
containing a commitment to that participant's own public key, over the location-limited
channel. These broadcasts are received by both the group manager 610 and the other
legitimate participants 612, 614 and 616. After broadcasting that participant's
pre-authentication information, each participant 612, 614, and 616 in turn makes a
point-to-point connection to the group manager 610, for example, using the address provided
by the group manager 610 as part of the group manager's pre-authentication information.
Each participant 612, 614, and 616 engages with the group manager 610 in a point-to-point
key exchange protocol, such as, for example, Secure Socket Layer/Transport Layer Security
(SSL/TLS). Through the point-to-point exchange protocol, the group manager 610 gives each
of the participants 612, 614, and 616 a copy of a shared group encryption key or keys. These
keys are used to encrypt and authenticate further communication between all the participants,
including the group manager 610 and the other participants 612, 614 and 616.

[0068] (formerly [0009]) Fig. 12 (formerly Fig. 10) is a flowchart outlining a first
exemplary embodiment of a method for authenticating a communication over a network
medium among a group of wireless devices. As shown in Fig. 12 (formerly Fig. 10), the
method begins on step S400. Operation continues from step S400 to step S410, where a
group manager is selected for participants of the group. Then, in step S420, the group
manager broadcasts its pre-authentication information over a location-limited channel to the
participants of the group. The pre-authentication information according to one embodiment
may be a digest of a public key of the group manager. Next, in step S430, each participant
that receives the pre-authentication information of the group manager reciprocates by sending
its pre-authentication information to the group manager and the other participants. The
exchange of the pre-authentication information between the participants, including the group
manager, occurs as a broadcast over the location-limited channel. According to one
embodiment, the pre-authentication information of a participant is a digest of a public key of
that participant. Operation then continues to step S440.

[0071] (formerly [0010]) Fig. 13 (formerly Fig. 11) is a flowchart outlining a second
exemplary embodiment of the method for authenticating a communication over a network
medium among a group of wireless devices. The method outlined in Fig. 11 allows all
participants to equally participate in key generation, and thus all participants may be equally
trusted.

[0072] (formerly [0011]) As shown in Fig. 13 (formerly Fig. 11), operation of the
method begins in step S500 and continues to step S510, where each participant broadcasts its
pre-authentication information, such as a commitment to a Diffie-Hellman public value, to the
participants of the group using a broadcast location-limited channel. Then, in step S520, each
participant proceeds with a chosen group key exchange protocol, where participants present
their complete Diffie-Hellman public values over a wireless network. In various exemplary
embodiments, the group key exchange protocol may be a modified Diffie-Hellman key
exchange among participants of the group, which allows all participants to share in the
generation of the group shared secret key.